
What is “Win32/Packed.CAB.K suspicious”?


Win32/Packed.CAB.K suspicious is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Win32/Packed.CAB.K suspicious virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Detects the presence of Windows Defender AV emulator via files
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Suspicious use of certutil was detected
  • Uses suspicious command line tools or Windows utilities

How to determine Win32/Packed.CAB.K suspicious?

File Info:

name: 5A5E6D385FF648353270.mlw
path: /opt/CAPEv2/storage/binaries/353d1ef06642918ecadc91b21ea0c12abdc2f56fc46a931a2b5c56185395af5c
crc32: 491679A1
md5: 5a5e6d385ff6483532700abcdd73275a
sha1: 40fe2396e26a14a2971474f3987c4fe94a88ad59
sha256: 353d1ef06642918ecadc91b21ea0c12abdc2f56fc46a931a2b5c56185395af5c
sha512: 7e5b351f03147a73dfa1627ea9e71ef22fbd30a804e696b2a15a1df21aaebab1567e3ebd1a4bd1d4bb2e9fe283090e0bfbc1fe3eec264f8b90ae546085547afa
ssdeep: 24576:JQ4ziAFP8ucSvbw30xfKIo5vkRUUqPcdinRIxHxeYwFk0nzl4k6KTkcCYh:JQ4ziArcSD6Io5vDtdGxeYwq0zl4kr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T192652327C9EC4623FEB18BB411F905D71239BA415B70978B731D8DC878A1BA4B93472B
sha3_384: f3837201f15c38f09ec6a885773fcad6ce5b502cdec04fd607122de554f5632d2d4e1c726c7b93cbdb1e50977e41ba5b
ep_bytes: e8070b0000e905000000cccccccccc6a
timestamp: 2013-10-14 05:50:27

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Hiy59 Vvnxihi Rhtpwleqrv
FileVersion: 4.7.2017.69976 (fmojwtc_bza.712559-3212)
InternalName: Nbanggc
LegalCopyright: © Microsoft Corporation. Uju Svdskp Rxqzncqm.
OriginalFilename: NRIGKSX.EXE .CJM
ProductName: Windows® Internet Explorer
ProductVersion: 4.7.2017.69976
Translation: 0x0409 0x04b0

Win32/Packed.CAB.K suspicious also known as:

MicroWorld-eScan: Trojan.GenericKD.36258707
FireEye: Generic.mg.5a5e6d385ff64835
ALYac: Trojan.GenericKD.36258707
Malwarebytes: Trojan.Dropper.WXT.Generic
Sangfor: Trojan.Win32.Alien.vho
K7AntiVirus: Trojan ( 0057661d1 )
Alibaba: Trojan:Win32/Alien.23fcb91a
K7GW: Trojan ( 0057661d1 )
Cybereason: malicious.85ff64
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.CAB.K suspicious
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Alien.vho
BitDefender: Trojan.GenericKD.36258707
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Falsesign.Swli
Ad-Aware: Trojan.GenericKD.36258707
Emsisoft: Trojan.GenericKD.36258707 (B)
VIPRE: Trojan.GenericKD.36258707
TrendMicro: Ransom.Win32.CONTI.SMA.hp
McAfee-GW-Edition: Artemis
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Webroot: W32.Dropper.Gen
Microsoft: Ransom:Win32/Conti
ZoneAlarm: HEUR:Trojan.Win32.Alien.vho
GData: Trojan.GenericKD.36258707
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.RL_Generic.R363900
McAfee: Artemis!5A5E6D385FF6
MAX: malware (ai score=82)
TrendMicro-HouseCall: Ransom.Win32.CONTI.SMA.hp
Rising: Dropper.Certutil!1.D0D0 (CLASSIC)
MaxSecure: Trojan.Malware.74662763.susgen
Fortinet: W32/Alien.KPT!tr
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Packed.CAB.K suspicious?

Win32/Packed.CAB.K suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
